OpenStack Compute (nova)

Check for use of IPv6 missing

Bug #773412 reported by Graham Hemingway
38
This bug affects 8 people
Affects Status Importance Assigned to Milestone
OpenStack Compute (nova)
Fix Released
High
Eldar Nugaev
OpenStack Compute (nova) 2011.3 "diablo"

Bug Description

Please see question https://answers.launchpad.net/nova/+question/154771 for a bit more information on this bug.

In revision 1034, nova/virt/libvirt_conn.py add_filters_for_instance was changed. It used to have a nice check on the use of ipv6:

2015 if FLAGS.use_ipv6:
2016 self.iptables.ipv6['filter'].add_chain(chain_name)
2017 ips_v6 = [ip['ip'] for (_, mapping) in network_info
2018 for ip in mapping['ip6s']]
2019
2020 for ipv6_address in ips_v6:
2021 self.iptables.ipv6['filter'].add_rule('local',
2022 '-d %s -j $%s' %
2023 (ipv6_address,
2024 chain_name))

But now it assumes the use of ipv6:

 2012 ips_v6 = [ip['ip'] for (_n, mapping) in network_info
 2013 for ip in mapping['ip6s']]

The default behavior for ipv6 is off (i.e. --use_ipv6 flag defaults to false). Every other use of the ip6s flag in libvirt_conn.py checks the use correctly, such as:

201 if FLAGS.use_ipv6:
202 mapping['ip6s'] = [ip6_dict()]
203 mapping['gateway6'] = network['gateway_v6']

912 if FLAGS.use_ipv6:
913 address_v6 = mapping['ip6s'][0]['ip']

Tags: regression

Related branches

lp:~openstack-gd/nova/lp773412
Matt Dietz (community): Approve
Vish Ishaya (community): Approve
Ilya Alekseyev: Pending requested
Diff: 79 lines (+25/-7)
2 files modified
nova/tests/test_virt.py (+11/-1)
nova/virt/libvirt_conn.py (+14/-6)
Eldar Nugaev (reldan)
Changed in nova:
assignee: nobody → Eldar Nugaev (reldan)
Eldar Nugaev (reldan)
Changed in nova:
status: New → In Progress
Thierry Carrez (ttx)
Changed in nova:
importance: Undecided → Critical
OpenStack Infra (hudson-openstack)
Changed in nova:
status: In Progress → Fix Committed
Revision history for this message
Kevin Bringard (kbringard) wrote :

I added this to 773308, but because it claims to be a duplicate of this one, I figured I should add it here as well:

A very similar error appears to be happening when attempting to apply euca-authorize rules to running nodes.

If I start a new node in a group with existing rules, everything works as expected. However if I have a VM running in a group (let's say default), and I attempt to update or create a new rule in that group I receive the following exception in the nova-compute.log:

2011-05-11 19:56:48,889 ERROR nova.exception [-] Uncaught exception
(nova.exception): TRACE: Traceback (most recent call last):
(nova.exception): TRACE: File "/usr/lib/pymodules/python2.6/nova/exception.py", line 87, in _wrap
(nova.exception): TRACE: return f(*args, **kw)
(nova.exception): TRACE: File "/usr/lib/pymodules/python2.6/nova/compute/manager.py", line 205, in refresh_security_group_rules
(nova.exception): TRACE: return self.driver.refresh_security_group_rules(security_group_id)
(nova.exception): TRACE: File "/usr/lib/pymodules/python2.6/nova/virt/libvirt_conn.py", line 1382, in refresh_security_group_rules
(nova.exception): TRACE: self.firewall_driver.refresh_security_group_rules(security_group_id)
(nova.exception): TRACE: File "/usr/lib/pymodules/python2.6/nova/virt/libvirt_conn.py", line 2173, in refresh_security_group_rules
(nova.exception): TRACE: self.do_refresh_security_group_rules(security_group)
(nova.exception): TRACE: File "/usr/lib/pymodules/python2.6/nova/utils.py", line 604, in inner
(nova.exception): TRACE: retval = f(*args, **kwargs)
(nova.exception): TRACE: File "/usr/lib/pymodules/python2.6/nova/virt/libvirt_conn.py", line 2180, in do_refresh_security_group_rules
(nova.exception): TRACE: self.add_filters_for_instance(instance)
(nova.exception): TRACE: File "/usr/lib/pymodules/python2.6/nova/virt/libvirt_conn.py", line 2044, in add_filters_for_instance(nova.exception): TRACE: network_info)(nova.exception): TRACE: File "/usr/lib/pymodules/python2.6/nova/virt/libvirt_conn.py", line 2018, in _filters_for_instance
(nova.exception): TRACE: ips_v4 = [ip['ip'] for (_n, mapping) in network_info(nova.exception): TRACE: TypeError: 'NoneType' object is not iterable
(nova.exception): TRACE:
2011-05-11 19:56:48,890 ERROR nova [-] Exception during message handling
(nova): TRACE: Traceback (most recent call last):
(nova): TRACE: File "/usr/lib/pymodules/python2.6/nova/rpc.py", line 198, in _receive
(nova): TRACE: rval = node_func(context=ctxt, **node_args)
(nova): TRACE: File "/usr/lib/pymodules/python2.6/nova/exception.py", line 93, in _wrap
(nova): TRACE: raise Error(str(e))
(nova): TRACE: Error: 'NoneType' object is not iterable
(nova): TRACE:

Eldar Nugaev (reldan)
Changed in nova:
status: Fix Committed → In Progress
Thierry Carrez (ttx)
Changed in nova:
importance: Critical → High
tags: added: regression
OpenStack Infra (hudson-openstack)
Changed in nova:
status: In Progress → Fix Committed
Thierry Carrez (ttx)
Changed in nova:
milestone: none → diablo-1
Thierry Carrez (ttx)
Changed in nova:
milestone: diablo-1 → 2011.3
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Duplicates of this bug

Subscribing...

Other bug subscribers

Related questions

Remote bug watches

Bug watches keep track of this bug in other bug trackers.